02/11/2008
What is the requirement for training employees on Information Technology - Use and Monitoring...including computer access, email do's and don'ts, etc?
11/12/2007
I have a very technical GLBA question. It is my understanding that if all employees of the bank are required to have deposit accounts then they are also considered a customer under GLBA. If there happened to be a breach of employee nonpublic information through the HR department, say the payroll vendor was compromised and all employees' social security numbers were released, would this not be considered a breach under GLBA and notification required to the affected customers (employees) along with notice to our regulators? Is it possible since the breach occurred through HR department and was of employees' nonpublic information that it is not defined as a breach under GLBA?
07/09/2007
We are having a misunderstanding at my financial institution about the USA PATRIOT Act. We were first opening corporate accounts and gathering identification documentation and social security numbers on all the signers on corporate accounts. We were then instructed that it was unnecessary to obtain this information on the signers. Then about a year later we were instructed that the USA PATRIOT Act does require us to get this information. Does BSA or the PATRIOT Act require financial institutions to get ID for signers on corporate accounts as of 2007? If it does not, where can I find this information?
02/19/2007
What are the criteria for retention of CIP forms? How long do we retain CIP forms? Do we need to retain them for a specific period after accounts are closed and loans are satisfied?
10/02/2006
In the past, we sent mortgage loan closing documents to the title company via the internet. We stopped this practice because we feel that without having a secured e-mail line, and without encrypting the data, we would be in violation of GLB. Same with sending our Good Faith Estimates, or other disclosures. We stopped sending via e-mail to customers because of GLB issues. Are we correct in that it would be a violation of GLB to send non-public financial information electronically over a non-secure line?
09/18/2006
Should our bank have confidentiality agreements with allvendors who provide services to our bank? (ie. on-site paper shredding companies, coffee suppliers, etc.)
08/14/2006
I work for a federal agency that sends literally millions of deposits directly to bank accounts each month. Our policy states that in the event a beneficiary does not receive a direct deposit in his/her account, we must verify with the bank that the deposit was not received. With the financial privacy act in mind, can banks verify whether or not a deposit has been received if the depositor knows the owner of the account, the account number, the SSN of the account holder, the amount of deposit and the date it was deposited?
08/14/2006
In the past, we sent mortgage loan closing documents to the title company via the internet. We stopped this practice because we feel that without having a secured e-mail line, and without encrypting the data, we would be in violation of GLB. Same with sending our Good Faith Estimates, or other disclosures. We stopped sending via e-mail to customers because of GLB issues. Are we correct in that it would be a violation of GLB to send non-public financial information electronically over a non-secure line?
06/19/2006
One of our staff members disclosed client information to a third party. The staff member has been terminated. Do we need to file a SAR?
06/19/2006
Our CIP policy states that for a sole proprietorship, we CIP only the owner following our consumer CIP procedures. Our consumer CIP procedures permit account opening for a non-resident alien without a TIN, and with a signed W-8. What are the requirements if a non-resident alien wants to open an account for a sole proprietorship? Do we not open the account if the owner does not have a social security number?